CVE-2018-1999008: XSS
First published: Mon Jul 23 2018(Updated: )
October CMS version prior to build 437 contains a Cross Site Scripting (XSS) vulnerability in the Media module and create folder functionality that can result in an Authenticated user with media module permission creating arbitrary folder name with XSS content. This attack appear to be exploitable via an Authenticated user with media module permission who can create arbitrary folder name (XSS). This vulnerability appears to have been fixed in build 437.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Octobercms October | <1.0.437 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2018-1999008?
CVE-2018-1999008 is a Cross Site Scripting (XSS) vulnerability in October CMS version prior to build 437.
How does CVE-2018-1999008 affect October CMS?
CVE-2018-1999008 affects October CMS by allowing an authenticated user with media module permission to create arbitrary folder name with XSS content.
What is the severity of CVE-2018-1999008?
The severity of CVE-2018-1999008 is medium with a CVSS score of 5.4.
How can I fix CVE-2018-1999008 in October CMS?
To fix CVE-2018-1999008 in October CMS, update to build 437 or a later version.
Where can I find more information about CVE-2018-1999008?
You can find more information about CVE-2018-1999008 at the following link: [https://octobercms.com/support/article/rn-10](https://octobercms.com/support/article/rn-10).
- collector/nvd-index
- agent/severity
- agent/weakness
- agent/references
- agent/author
- agent/tags
- agent/type
- agent/event
- agent/description
- agent/remedy
- agent/first-publish-date
- agent/last-modified-date
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- vendor/octobercms
- canonical/octobercms october